Verified sandbox integration · not client work

05 / API HANDOFF

n8n API Handoff Lab

A native n8n workflow that sends synthetic records through a real HTTP Request node, survives whole-node retry, and proves replay-safe writes against a loopback mock CRM.

Runtime invariants
10
Loopback requests
6
Stored contacts
2

THE HANDOFF RISK

A retry can repeat writes that already succeeded.

A local routing test does not show what happens when an API fails after a workflow has begun processing a batch. The lab forces that boundary: one request returns HTTP 503, n8n retries the complete HTTP node, and every repeated write must remain safe.

CONTROL PATH

Make replay behavior part of the contract.

  1. 01
    Seed

    Create three deterministic example.test records with two stable idempotency keys.

  2. 02
    Write

    Send them through one native n8n HTTP Request node to an exact 127.0.0.1 endpoint.

  3. 03
    Fail

    Return one synthetic HTTP 503 and allow a bounded three-attempt retry policy.

  4. 04
    Replay

    Return the existing contact for an identical key and reject conflicting reuse with HTTP 409.

  5. 05
    Verify

    Fail closed unless transport status, attempts, request count, stored state, host boundary, and zero client actions all match.

VERIFICATION EVIDENCE

What was actually executed.

  • Native n8n 2.26.8 runThe exact inactive four-node workflow was imported and executed in a fresh temporary n8n user folder on Node.js 24.14.0.
  • One real HTTP Request nodeThe workflow contains one POST endpoint bound exactly to 127.0.0.1:45931, a dynamic idempotency header, JSON body, full response capture, and bounded retry.
  • Whole-node retry observedThe synthetic 503 caused n8n to replay the complete HTTP node. The mock recorded six loopback requests across three logical items.
  • Replay-safe resultThe mock retained two contacts. Final n8n output contained one created result, two replayed results, and ten passing invariants.
  • Mutation and conflict guardsA changed verifier outcome fails closed, while a reused idempotency key with different content returns HTTP 409.
  • Zero outside accessNo credential, Internet request, client system, real email, webhook, analytics, upload, or external message was used.

HONEST LIMITS

This proves a sandbox handoff pattern—not a vendor deployment.

The CRM-shaped API is an in-memory loopback mock. The lab does not prove a named third-party integration, client delivery, authentication, credential-store ownership, persistent or concurrent idempotency, production rate limits, load, uptime, alert delivery, deployment, rollback, support coverage, security, or business impact. Those controls require an authorized sandbox and a separately accepted production design.

HAVE A SANDBOX BRIEF?

Test the write boundary before production access.

Bring one sanitized workflow, its expected API contract, replay risk, representative failures, and accountable acceptance owner. Price and schedule remain separate owner-approved decisions.

Review one workflow